Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934610AbeAHQNS (ORCPT + 1 other); Mon, 8 Jan 2018 11:13:18 -0500
Received: from mail-pg0-f47.google.com ([74.125.83.47]:37484 "EHLO mail-pg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932943AbeAHQNN (ORCPT ); Mon, 8 Jan 2018 11:13:13 -0500
X-Google-Smtp-Source: ACJfBouUTvsjzRA5kRbLBnBwZgbyk0oztOKG0X0u0kNZ2QmAZIygMS+oyhyTlLu7795gdUx/mRBhIQ==
Date: Mon, 8 Jan 2018 08:13:09 -0800
From: Alexei Starovoitov
To: Paul Turner
Cc: David Woodhouse, Andi Kleen, LKML, Linus Torvalds, Greg Kroah-Hartman, Tim Chen, Dave Hansen, Thomas Gleixner, Kees Cook, Rik van Riel, Peter Zijlstra, Andy Lutomirski, Jiri Kosina, One Thousand Gnomes
Subject: Re: [PATCH v6 00/10] Retpoline: Avoid speculative indirect calls in kernel
Message-ID: <20180108161306.j5qqzbgfgnnbvcic@ast-mbp.dhcp.thefacebook.com>
References: <1515363085-4219-1-git-send-email-dwmw@amazon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: NeoMutt/20170421 (1.8.2)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org
Return-Path:

On Mon, Jan 08, 2018 at 02:42:13AM -0800, Paul Turner wrote:
>
> kernel->kernel independent of SMEP:
> While much harder to coordinate, facilities such as eBPF potentially
> allow exploitable return targets to be created.
> Generally speaking (particularly if eBPF has been disabled) the risk
> is _much_ lower here, since we can only return into kernel execution
> that was already occurring on another thread (which could e.g. likely
> be attacked there directly independent of RSB poisoning.)

We can remove the BPF interpreter without losing features:
https://patchwork.ozlabs.org/patch/856694/

Ironically, the JIT is more secure than the interpreter.
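The exchange above turns on whether BPF programs on a host run through the in-kernel interpreter or through the JIT. A defender reading this thread will want to know which of the two a given machine actually uses. The script below is an added example and is not part of the thread or of the linked patch; it assumes the standard meaning of three kernel knobs: the `net.core.bpf_jit_enable` sysctl (0 = interpreter, 1 = JIT on, 2 = JIT on with debug dumps), the `net.core.bpf_jit_harden` sysctl (0 = off, 1 = harden unprivileged programs, 2 = harden all), and the `CONFIG_BPF_JIT_ALWAYS_ON` Kconfig option (y = interpreter compiled out, so the JIT cannot be disabled). The posture labels returned by `assess_bpf_jit` are this example's own classification, not anything the kernel reports.

```shell
#!/bin/sh
# Added example (not from the LKML thread): classify a host's eBPF JIT
# posture from three knobs, then report the live values of this machine.
# Knob semantics assumed (standard kernel meanings):
#   net.core.bpf_jit_enable  0 = interpreter, 1 = JIT, 2 = JIT + debug dump
#   net.core.bpf_jit_harden  0 = off, 1 = unprivileged progs, 2 = all progs
#   CONFIG_BPF_JIT_ALWAYS_ON y = interpreter compiled out
# The label names below are this example's own policy, not the kernel's.

# assess_bpf_jit JIT_ENABLE HARDEN ALWAYS_ON -> prints one posture label
assess_bpf_jit() {
    jit="$1"; harden="$2"; always="$3"
    if [ "$always" = "y" ]; then
        # Interpreter is not built: every program is JITed regardless of sysctl.
        if [ "$harden" -ge 1 ] 2>/dev/null; then
            echo "jit-only-hardened"
        else
            echo "jit-only"
        fi
        return 0
    fi
    case "$jit" in
        0) echo "interpreter-in-use" ;;
        1|2)
            if [ "$harden" -ge 1 ] 2>/dev/null; then
                echo "jit-hardened"
            else
                echo "jit-unhardened"
            fi ;;
        *) echo "unknown" ;;
    esac
}

# read_sysctl PATH DEFAULT -> prints the file's value, or DEFAULT if unreadable
read_sysctl() {
    if [ -r "$1" ]; then cat "$1"; else echo "$2"; fi
}

# kconfig_always_on -> prints y if the running kernel has the option set, else n
kconfig_always_on() {
    cfg="/boot/config-$(uname -r)"
    if [ -r "$cfg" ] && grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y' "$cfg"; then
        echo y
    elif [ -r /proc/config.gz ] && zcat /proc/config.gz 2>/dev/null | grep -q '^CONFIG_BPF_JIT_ALWAYS_ON=y'; then
        echo y
    else
        # Option absent, set to n, or config unreadable: assume the interpreter may exist.
        echo n
    fi
}

# report_host_bpf_jit -> prints the live knob values and the resulting posture
report_host_bpf_jit() {
    jit=$(read_sysctl /proc/sys/net/core/bpf_jit_enable unknown)
    harden=$(read_sysctl /proc/sys/net/core/bpf_jit_harden 0)
    always=$(kconfig_always_on)
    echo "bpf_jit_enable=$jit bpf_jit_harden=$harden CONFIG_BPF_JIT_ALWAYS_ON=$always"
    echo "posture: $(assess_bpf_jit "$jit" "$harden" "$always")"
}

report_host_bpf_jit
```

Run it as root (or any user that can read `/proc/sys/net/core/`) and read the `posture:` line: `interpreter-in-use` is the configuration the thread is discussing, while a `jit-only` label means the interpreter is not present in the running kernel at all. The `unknown` label is deliberate: on a system where the sysctl is unreadable the script reports that rather than guessing.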